The Ray AI framework is being exploited in the wild, with vulnerabilities being actively exploited since its deployment. Anyscale, the project maintainer, has not implemented any security features, leaving the framework open to attacks. This lack of security measures is concerning given the widespread adoption of the Ray framework. The Zero Trust Architecture (ZTA) is recommended for modern software architecture to address such vulnerabilities. An ongoing attack campaign targeting servers storing AI workloads has been reported, with vulnerabilities in Ray being exploited. Anyscale is currently hiring Security Engineers to address these issues. The reported exploit involves the job scheduler submitting jobs without any authentication, highlighting the critical security flaws in the Ray framework. It is essential to prevent access to Ray clusters from untrusted machines to mitigate the risk of attacks.
Source link
Source link: https://gabetocci.medium.com/what-have-they-done-popular-ai-framework-deployed-without-a-single-security-consideration-09d749ed9e06?source=rss——artificial_intelligence-5
AI Framework Deployed Without Security Consideration #negligence
